Security
Headlines
HeadlinesLatestCVEs

Latest News

Android malware FakeCall intercepts your calls to the bank

Android malware FakeCall can intercept calls to the bank on infected devices and redirect the target to the criminals.

Malwarebytes
#android#git
Canada Grapples With 'Second-to-None' PRC-Backed Threat Actors

Chinese APTs lurked in Canadian government networks for five years — and that's just one among a whole host of threats from Chinese bad actors.

CVE-2024-10488: Chromium: CVE-2024-10488 Use after free in WebRTC

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92

CVE-2024-10487: Chromium: CVE-2024-10487: Out of bounds write in Dawn

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92

New Xiū gǒu Phishing Kit Hits UK, US, Japan, Australia Across Key Sectors

Cybersecurity researchers uncovered the “Xiū gǒu” phishing kit targeting users in the UK, US, Spain, Australia, and Japan.…

GHSA-56m6-4mhw-h3g5: langflow has vulnerability in PythonCodeTool component

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our

North Korea's Andariel Pivots to 'Play' Ransomware Games

The prominent state-sponsored advanced persistent threat (APT), aka Jumpy Pisces, appears to be moving away from its primary cyber-espionage motives and toward wreaking widespread disruption and damage.

ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass

The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable to username enumeration. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication, attackers can gain unauthorized insights into valid usernames.

How To Create a Complete GitHub Backup

The issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…